Android Malware written in Kotlin found on Play Store stealing data

Just another day with just another Android malware hosted on Google Play Store targeting unsuspecting users, but this time the malware is written in Kotlin, a statically-typed programming language.

Androidos_Bkotklind.Hrx malware

IT security researchers at Trend Micro have discovered an Android malware, Androidos_Bkotklind.Hrx, on Google Play Store hiding behind a utility app called “Swift Cleaner.” The app claims to clean and optimize Android devices, but in reality it installs malware, steals data and performs other malicious acts, including click ad fraud, SMS sending, URL forwarding and signing users up for premium SMS services without the permission or knowledge of the victim.

According to Trend Micro’s blog post, once Swift Cleaner is launched, the malware sends device information to its remote server and initiates tasks, including sending SMS to a specified number, executing a WAP (wireless application protocol) task that lets the malware collect wireless network related information, and injecting JavaScript that allows the malware to secretly steal the device’s data. All of this is done after receiving tasks from the command and control (C&C) server.

Screenshot of the infected app (Via: Trend Micro / Play Store)

Moreover, the malware uploads the victim’s service provider information, login credentials and CAPTCHA images to the C&C server. The attackers then process this data to sign the victim up for a premium SMS service subscription that costs them money.

What is Kotlin?

Kotlin is an open-source programming language for modern multiplatform applications. In May 2017, Google announced Kotlin as a first-class language for writing Android apps. The language is used by prominent apps including Netflix, Pinterest, and Twitter.

This is the first time that malware has been written in the Kotlin programming language. According to Lorin Wu, a mobile threats analyst with Trend Micro, “It’s still unknown if the abovementioned features of Kotlin can make a difference when creating malware.”

Malware removed

Trend Micro reported its findings to Google, which acknowledged the presence of the malware and removed it from Play Store. The app had only 1,000-5,000 installs; however, there have been several incidents in the recent past in which tons of malware-infected apps successfully made it onto Play Store and infected millions of devices without raising any suspicion.

Waqas Amir is a UK-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.